Staff Adversarial Engineer
Get to know Okta
Okta is The World’s Identity Company. We free everyone to safely use any technology—anywhere, on any device or app. Our Workforce and Customer Identity Clouds enable secure yet flexible access, authentication, and automation that transforms how people move through the digital world, putting Identity at the heart of business security and growth. At Okta, we celebrate a variety of perspectives and experiences. We are not looking for someone who checks every single box - we’re looking for lifelong learners and people who can make us better with their unique experiences. Join our team! We’re building a world where Identity belongs to you.
The Okta Security team’s mission is to strengthen Okta’s position as the leading Identity-as-a-Service solution through identifying and resolving risks to our employees, products, and most importantly, our customers. With the ever-increasing pace of cloud application adoption, companies are struggling to find ways to accurately assess risk and act at the speed of their business.
In addition to driving security in our Corporate environment and the Okta service, the Security team is deeply entrenched in the Okta business. As such, we contribute to product roadmaps, branding, research and other strategic aspects of our operations. We work across multiple functions, business partners and the research community. We are an engineering-focused team that seeks to stay on the cutting edge of security technology and the threat landscape.
The Role
The Adversarial Engineering and Operations team plays a key role in Cyber Defense’s (CD) intelligence-led approach to protecting Okta, by proactively identifying potential threats and abuse cases within our environment. We work closely with our Defensive Cyber Operations (DCO) and threat intelligence teams to simulate real-world threat scenarios and conduct in-depth research on our products and platforms. By understanding how adversaries operate, we provide valuable insights that enhance our detection capabilities and overall security posture.
We are seeking a highly experienced adversarial engineer to join the Adversarial Engineering and Operations team. In this role, you will be responsible for planning and executing adversarial operations and research initiatives. You will collaborate closely with team’s in CD to simulate threat scenarios, analyse our security posture, and uncover potential weaknesses. Your operations and research will focus on understanding how attackers could potentially abuse our products and platforms, providing critical insights to strengthen our defenses.
This is not a penetration testing role. Whilst vulnerabilities may be found, the purpose of our work is to provide insights into potential threats and abuse cases to improve our detection and response strategies, not the identification and exploitation of vulnerabilities.
Core Responsibilities:
- Collaborate with CD teams to simulate real-world threat scenarios within our environment.
- Understand, emulate and document attacker behavior to improve threat detection and response strategies.
- Conduct in-depth research on Okta’s products and platforms from an adversarial perspective in order to:
- Identify potential avenues of exploitation and abuse that might not be apparent through traditional assessments.
- Provide Cyber Defense with actionable insights to implement proactive detection strategies.
- Partner with the various teams within CD, broader Security, and engineering teams, to share findings and recommendations.
- Document and present research findings and adversarial operation results to stakeholders.
- Contribute to the development of internal tools, methodologies and processes to enhance the AEO program.
What does it take?
You’re a team player with great communications skills and a thirst for knowledge. You’re curious about systems and how they interact, knowing that to properly defend a system you must first understand how it works. You enjoy testing assumptions and have a strong internal compass for taking calculated risks.
You have a strong offensive security background and have previously worked in a red or purple team capacity and want to work more closely with the blue team. You can explain how major attacker techniques work, along with methods to detect and investigate them. You don’t stop after identifying a problem - you partner with other teams to solve it. You desire to work with a fully remote team and can remain productive and on task outside of a physical office.
Skills and Experience
- 5+ years of experience in cybersecurity, with a focus on adversarial operations, red/purple teaming, or research.
- Experience simulating attacker behavior in SaaS applications, user endpoints, and cloud environments including containerised infrastructure
- Strong understanding of cybersecurity principles, attack techniques, and threat actor methodologies.
- Excellent analytical and problem-solving skills.
- Strong communication and collaboration skills, with the ability to work effectively across multiple teams and geographies.
- Relevant certifications are a plus (OSCP, OSEP, OSMR, GXPN, GDAT, etc)
#LI-LR1
What you can look forward to as an Full-Time Okta employee!
- Amazing Benefits
- Making Social Impact
- Fostering Diversity, Equity, Inclusion and Belonging at Okta
Okta cultivates a dynamic work environment, providing the best tools, technology and benefits to empower our employees to work productively in a setting that best and uniquely suits their needs. Each organization is unique in the degree of flexibility and mobility in which they work so that all employees are enabled to be their most creative and successful versions of themselves, regardless of where they live. Find your place at Okta today! https://www.okta.com/company/careers/.
Okta is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, ancestry, marital status, age, physical or mental disability, or status as a protected veteran. We also consider for employment qualified applicants with arrest and convictions records, consistent with applicable laws. If reasonable accommodation is needed to participate in the job application or interview process, please use this Form to request an accommodation.
Okta is committed to complying with applicable data privacy and security laws and regulations. For more information, please see our Privacy Policy at https://www.okta.com/privacy-policy/.